https://pulumi.com logo
Join Slack
Channels
Powered by Linen
aws
  • s

    salmon-account-74572

    08/09/2022, 4:24 PM
    If I stop an EC2 instance and then restart it (say, using the AWS CLI), its IP address changes. Is there any reason why 
    pulumi refresh
    would not pick up the new IP address and update the stack output accordingly?
    w
    • 2
    • 2
  • t

    tall-photographer-1935

    08/09/2022, 5:05 PM
    When doing a 
    StackReference
    for an s3 bucket, how do you reference the other stack? I have an example where i have one bucket but two folders: s3://bucket/vpc/.pulumi/stacks/ s3://bucket/kubernetes/.pulumi/stacks/ I want to reference the outputs from the vpc folder in my kubernetes folder code. I've tried various ways, mostly like: 
    network_stack_ref = pulumi.StackReference("vpc/dev_vpc")
    with no luck
    b
    • 2
    • 2
  • v

    victorious-dusk-75271

    08/10/2022, 7:35 AM
    aws:ec2:VpcPeeringConnection (primary-eks-vpc-peer-to-us-eks-vpc):
    error: 1 error occurred:
        * creating urn:pulumi:dev::allrites-infrastructure::custom:resource:vpc$aws:ec2/vpcPeeringConnection:VpcPeeringConnection::primary-eks-vpc-peer-to-us-eks-vpc: 1 error occurred:
        * Unable to modify EC2 VPC Peering Connection Options. EC2 VPC Peering Connection (pcx-031d18fcc4929fecd) is not active (current status: pending-acceptance). Please set the `auto_accept` attribute to `true` or activate the EC2 VPC Peering Connection manually.
    l
    • 2
    • 11
  • v

    victorious-dusk-75271

    08/10/2022, 7:35 AM
    any idea why i am getting this error?
  • v

    victorious-dusk-75271

    08/10/2022, 7:36 AM
    i have accepter setup
  • v

    victorious-dusk-75271

    08/10/2022, 7:36 AM
    new aws.ec2.VpcPeeringConnectionAccepter(`${this.name}-peer-to-${peerName}-accepter`, {
            vpcPeeringConnectionId: peering.id,
            autoAccept: true,
            tags: { ...this.baseTags, Name: `${this.name} VPC connection accepter`, Side: 'Accepter' }
        }, { provider: args.peerVpc.opts.provider, parent: this })
  • a

    ambitious-agent-35343

    08/10/2022, 8:36 AM
    Anyone familiar with adding ECR credentials/secret as in imagePullSecrets with a Pulumi deployment?
  • l

    little-cartoon-10569

    08/11/2022, 10:58 PM
    Would anyone know which library creates this error message? I know the restriction is at the AWS API, but I can't find the source code for the message anywhere. 
    error: could not make instance of 'aws:elasticache/replicationGroup:ReplicationGroup': name 'really-long-name-that-causes-this-error-' plus 7 random chars is longer than maximum length 40
    Wondering if it comes from Pulumi core, Pulumi AWS, code generated from the TF schema, or something else...
    b
    • 2
    • 5
  • v

    victorious-dusk-75271

    08/12/2022, 6:56 AM
    any idea what causing this? i am using pulumi.random and the result of that is 
    DFpSfUijK8
    error: deleting urn:pulumi:dev::allrites-infrastructure::custom:component:rds:globaldb$aws:rds/cluster:Cluster::globaldb-cluster: 1 error occurred:
        * error deleting RDS Cluster (tf-20220812010823122500000001): InvalidParameterValue: The parameter DBClusterSnapshotIdentifier is not a valid identifier. Identifiers must begin with a letter; must contain only ASCII letters, digits, and hyphens; and must not end with a hyphen or contain two consecutive hyphens.
        status code: 400, request id: 92d6a0f5-2c7d-45d7-b094-bf9d91838c77
    l
    • 2
    • 4
  • b

    bitter-france-47214

    08/12/2022, 12:00 PM
    apigateway
    lambda
    invocation
    Code In the code, I am using 
    pulumi.interpolate
    and 
    signup.invokeArn
    to setup the apigateway integration with the lambda defined further up. Though, I am getting an Error (see below) and don't know why. Can anybody help? 
    const signup = new aws.lambda.Function("sign-up", { ... });


const api = new aws.apigateway.RestApi("freedev-api", {
  body: JSON.stringify({
    ...
    paths: {
      ...
      "x-amazon-apigateway-integration": {
        httpMethod: "POST",
        type: "AWS_PROXY",
        uri: pulumi.interpolate `arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/${signup.invokeArn}/invocations`,
       },
    Error 
    Error creating API Gateway Deployment: BadRequestException: No integration defined for method
  • b

    breezy-laptop-42679

    08/12/2022, 2:28 PM
    while defining security group id iam getting an error : Object is possibly 'undefined'. here is the example code I have to edit :
  • b

    breezy-laptop-42679

    08/12/2022, 2:29 PM
    const allowPostgresSgRule =
      env === 'prod' &&
      tfCCCRdsPostgresSg &&
      new aws.ec2.SecurityGroupRule('ccc-postgres-access-rule', {
        type: 'ingress',
        fromPort: 5432,
        toPort: 5432,
        protocol: 'tcp',
        sourceSecurityGroupId: sg.id,
        securityGroupId: tfCCCRdsPostgresSg.id,
      });
   // NOTE: Sunguard GP VPN
   const allowLocalAccessGPSgRule = new aws.ec2.SecurityGroupRule('allow-gp-access-rule', {
    type: 'ingress',
    fromPort: 5432,
    toPort: 5432,
    protocol: 'tcp',
    cidrBlocks: ['XXX.XX.0.0/19'],
    securityGroupId: XXXXXRdsPostgresSg.id,
  });
  // NOTE: Bethpage GP VPN
  const allowLocalAccessGPBPSgRule = new aws.ec2.SecurityGroupRule('allow-gp-bp-access-rule', {
    type: 'ingress',
    fromPort: 5432,
    toPort: 5432,
    protocol: 'tcp',
    cidrBlocks: ['XXX.XX.X.0/24'],
    securityGroupId: XXXXRdsPostgresSg.id,
  });
    l
    • 2
    • 3
  • b

    breezy-laptop-42679

    08/12/2022, 2:30 PM
    need to change our security group rules to allow traffic from the CIDR block for GlobalProtect.
  • c

    cool-football-2937

    08/12/2022, 7:16 PM
    Hi folks! We are using 
    pulumi==3.37.2
    , 
    pulumi-aws==4.38.1
    , 
    pulumi-docker==3.0.0
    and 
    python==3.7
    . While running 
    pulumi up
    and trying to create a docker image using 
    DockerBuild()
    function of 
    pulumi-docker
    it errors out giving the following message: 
    error: Program failed with an unhandled exception:
    error: Traceback (most recent call last):
    File "C:\ProgramData\chocolatey\lib\pulumi\tools\Pulumi\bin\pulumi-language-python-exec", line 107, in <module>
    loop.run_until_complete(coro)
    File "C:\Users\mbillah\Miniconda3\envs\pcty_nlp_platform\lib\asyncio\base_events.py", line 583, in run_until_complete
    return future.result()
    Would really appreciate some information about what is causing this and how it can be resolved.
    👍 1
    b
    • 2
    • 2
  • v

    victorious-memory-43562

    08/13/2022, 7:15 PM
    Does anyone know how I can set up the apigateway custom DomainName when my route 53 hosted zone & ACM cert for that domain are in a different account in the same organization? I’m reading this and am struggling figuring out how to do this with Pulumi
    b
    • 2
    • 8
  • v

    victorious-dusk-75271

    08/15/2022, 11:51 AM
    does anyone know what this error mean? i am using @pulumi/eks 
    Diagnostics:
  eks:index:VpcCni (primary-eks-eks-cluster-vpc-cni):
    error: Command failed: kubectl apply -f /tmp/tmp-12985ZDmsHqyDJ692.tmp

    An error occurred (ValidationError) when calling the AssumeRole operation: urn:pulumi:dev::allrites-infrastructure::pulumi:providers:aws::apRegion is invalid
    Unable to connect to the server: getting credentials: exec: executable aws failed with exit code 254

  pulumi:pulumi:Stack (allrites-infrastructure-dev):
    An error occurred (ValidationError) when calling the AssumeRole operation: urn:pulumi:dev::allrites-infrastructure::pulumi:providers:aws::apRegion is invalid
    An error occurred (ValidationError) when calling the AssumeRole operation: urn:pulumi:dev::allrites-infrastructure::pulumi:providers:aws::apRegion is invalid

    An error occurred (ValidationError) when calling the AssumeRole operation: urn:pulumi:dev::allrites-infrastructure::pulumi:providers:aws::apRegion is invalid
    Unable to connect to the server: getting credentials: exec: executable aws failed with exit code 254

    error: update failed
    v
    • 2
    • 5
  • a

    ambitious-father-68746

    08/15/2022, 5:05 PM
    Hi, I'm trying to understand the benefits of using pulumi/eks instead of pulumi/aws/eks, but so far I don't really understand why I would want to use it. Can anyone enlighten me? Thank you
    b
    • 2
    • 8
  • r

    rough-jewelry-40643

    08/15/2022, 7:44 PM
    Hi all, I have a dumb question. I am trying to set up task autoscaling as part of an ECS fargate hosted service. I can find the documents on setting up autoscaling for Ec2's running with ECS but not for the task autocaling. Can some one point me to the docs?
    b
    • 2
    • 3
  • p

    polite-window-12946

    08/16/2022, 5:48 PM
    Is there a place where we can see where the awsx typescript version 1.0 will come out of beta? in the meantime is it recommended to use that or the 0.40 release, since the live docs point to the beta but everything else seems to be using 0.40?
    s
    • 2
    • 4
  • b

    big-potato-91793

    08/17/2022, 12:33 AM
    Hey, we were in the process of upgrading our dependencies of the aws provider to the latest. But everytime we do this we start having weird behaviour and getting 
    an unhandled error occurred: Program exited with non-zero exit code: -1
    Is there any idea what we should be looking into?
    • 1
    • 2
  • v

    victorious-dusk-75271

    08/17/2022, 5:32 AM
    Does anyone know how to solve this problem? 
    aws:ec2:Eip (us-data-vpc-nat-1):
    error: deleting urn:pulumi:dev::allrites-infrastructure::custom:resource:vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/eip:Eip::us-data-vpc-nat-1: 1 error occurred:
        * AuthFailure: You do not have permission to access the specified resource.
        status code: 400, request id: 3cedd0dd-f987-4eac-9c2b-ff179af491c2
    v
    • 2
    • 5
  • a

    ambitious-umbrella-20232

    08/17/2022, 2:35 PM
    Hey all, does anyone know if it's possible to pass 
    pulumi up
    a different 
    aws:profile:
    value during the cli run that doesn't overwrite the value in the stack file? So like in my stack file I have this: 
    config:
  aws:profile: staging
  aws:region: us-east-2
    Where 
    staging
    corresponds to one of my named profiles in my 
    ~/.aws/config
    file. But if someone else pulls down this code and tries to run it and their config file uses a different name for their keys to the same account can they pass a flag to 
    pulumi up
    to point it there only during that run? I tried using the 
    -c
    flag but it looks like that overwrites the stack file value. And yes I know this should be done all within a CICD pipeline, we're working on it 🙂
  • b

    billowy-horse-79629

    08/17/2022, 2:38 PM
    Hey all, I’m deploying a new AWS WAF for my application loadbalancers and i’m pretty of new to it. I understand that using managed rules for the ACL can be very beneficial so I chose to use F5 ACL rule . Unfortunately, after reading the AWS Pulumi code carefully I couldn’t find any way to use managed rules as part of my Pulumi code. Am I missing something ? Have anyone used managed rules as part of the Pulumi code ? Thanks guys !
  • s

    steep-winter-68060

    08/17/2022, 5:49 PM
    Hi all! Is it possible to set up a serverless MSK cluster with Pulumi?
    b
    • 2
    • 1
  • v

    victorious-dusk-75271

    08/18/2022, 12:52 AM
    can anyone from pulumi check this please? https://github.com/pulumi/pulumi-eks/issues/762
    s
    • 2
    • 4
  • v

    victorious-dusk-75271

    08/18/2022, 7:32 AM
    it is sad that 
    @pulumi/eks
    is not usable. I am struggling with it since yesterday. here is for example, its adds labels on fresh stack then running up again wants to remove the labels. 
    ++kubernetes:core/v1:ConfigMap: (create-replacement)
                [id=kube-system/aws-auth]
                [urn=urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$kubernetes:core/v1:ConfigMap::primary-eks-eks-cluster-nodeAccess]
                [provider: urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$pulumi:providers:kubernetes::primary-eks-eks-cluster-eks-k8s::586e6654-9fcb-4908-9f46-53b23ae4c5c8 => urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$pulumi:providers:kubernetes::primary-eks-eks-cluster-eks-k8s::output<string>]
              ~ metadata  : {
                  - labels   : {
                      - <http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: "pulumi"
                    }
                }
            +-kubernetes:core/v1:ConfigMap: (replace)
                [id=kube-system/aws-auth]
                [urn=urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$kubernetes:core/v1:ConfigMap::primary-eks-eks-cluster-nodeAccess]
                [provider: urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$pulumi:providers:kubernetes::primary-eks-eks-cluster-eks-k8s::586e6654-9fcb-4908-9f46-53b23ae4c5c8 => urn:pulumi:dev::allrites-infrastructure::custom:resource:eks$eks:index:Cluster$pulumi:providers:kubernetes::primary-eks-eks-cluster-eks-k8s::output<string>]
              ~ metadata  : {
                  - labels   : {
                      - <http://app.kubernetes.io/managed-by|app.kubernetes.io/managed-by>: "pulumi"
                    }
                }
    b
    • 2
    • 2
  • s

    strong-helmet-83704

    08/18/2022, 8:09 PM
    Is there any way to have Pulumi capture the output of UserData code which runs on instance boot?
    b
    m
    • 3
    • 13
  • b

    bitter-kite-21926

    08/18/2022, 8:59 PM
    Hi all. I have infrastructure separated into 
    common
    (where i create eks cluster and nodepool and shared things else) and per-project infrastructure (lives with code and has services/deployments/etc). How do i specify in the per-project infrastructure which eks cluster to deploy to? i have aws:profile specified in the stack yaml, but it looks that pulumi ignores it and deploys to current kubectl context.
    b
    • 2
    • 1
  • b

    brainy-furniture-37509

    08/19/2022, 6:42 AM
    Hi my cloudwatch eventRule is getting 
    InvalidEventPatternException: Event pattern is not valid. Reason: Match value must be String, number, true, false, or null
    while trying to use below pattern. Is content filtering unavailable?     Oops, false alarm. 
    family
    was array silly 
    eventPattern: JSON.stringify({
                'source': ['aws.ecs'],
                'detail-type': ['ECS Task State Change'],
                'detail': {
                  'group': [family],
                  'lastStatus': ['STOPPED'],
                  'stoppedReason': ['Essential container in task exited'],
                  'containers': {'exitCode': [{'anything-but': 0}]}
                }
              })
  • a

    ambitious-father-68746

    08/19/2022, 11:13 AM
    Hi, after upgrading to pulumi-aws 5.11.0 I'm getting an error everytime I specify resource options on a resource. This works: 
    aws.get_availability_zones()
    This breaks: 
    aws.get_availability_zones(
    opts=pulumi.ResourceOptions(),
)
    The error is: 
    File "/tmp/tmp.T1ec9S84a7/pulumi/venv/lib64/python3.10/site-packages/pulumi_aws/get_availability_zones.py", line 202, in get_availability_zones
        opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
      File "/tmp/tmp.T1ec9S84a7/pulumi/venv/lib64/python3.10/site-packages/pulumi/invoke.py", line 115, in merge
        raise TypeError("Expected opts2 to be a InvokeOptions instance")
    TypeError: Expected opts2 to be a InvokeOptions instance
    Anyone else seeing the same thing? 5.10.0 works fine.
    • 1
    • 1
Title
a

ambitious-father-68746

08/19/2022, 11:13 AM
Hi, after upgrading to pulumi-aws 5.11.0 I'm getting an error everytime I specify resource options on a resource. This works: 
aws.get_availability_zones()
This breaks: 
aws.get_availability_zones(
    opts=pulumi.ResourceOptions(),
)
The error is: 
File "/tmp/tmp.T1ec9S84a7/pulumi/venv/lib64/python3.10/site-packages/pulumi_aws/get_availability_zones.py", line 202, in get_availability_zones
        opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts)
      File "/tmp/tmp.T1ec9S84a7/pulumi/venv/lib64/python3.10/site-packages/pulumi/invoke.py", line 115, in merge
        raise TypeError("Expected opts2 to be a InvokeOptions instance")
    TypeError: Expected opts2 to be a InvokeOptions instance
Anyone else seeing the same thing? 5.10.0 works fine.
I've raised a ticket: https://github.com/pulumi/pulumi-aws/issues/2102
View count: 4